Open Solutions For Education openSIS SQL注入漏洞

openSIS is an open source student information management system from Open Solutions for Education. openSIS is vulnerable to SQL injection, which originates in /opensis/functions/GetStuListFnc.php, where the Grade lacks validation of externally entered SQL statements. validation. An attacker could...